
List:       pfsense-discussion
Subject:    [pfSense] 1:1 NAT exposing LAN addresses?
From:       Ted Smith <netwrkwarrior () live ! com>
Date:       2012-08-21 14:01:04
Message-ID: SNT135-W581FBE18AB63ECE51AFB49D0B80 () phx ! gbl

I'm using pfSense 2.0.1 and I'm having difficulty with 1:1 NAT not working as expected.

I have set up a 1:1 NAT by following the various tutorials and instructions found on the pfSense website and other sources:

1) Create Virtual IP with external address using 'IP Alias' setting (172.16.0.5)
2) Create 1:1 NAT rule with external address 172.16.0.5 mapped to internal address 192.168.0.5 (destination left as 'any')
3) Create firewall Rule on WAN interface forwarding from source 'any' to 192.168.0.5, protocol any.

After completing this setup I have successfully been able to ping the outside address and have it pass through to the internal address.

The trouble I have is that my outside client can also ping the internal address 192.168.0.5. This is a problem. I would like to not expose any internal addresses and have outside clients only be able to use the outside address. I have used Wireshark on the inside address server and all the pings look the same from inside the network and appear to come from the LAN address of the firewall (as expected). I've tried various permutations of additional firewall rules and had no success. If I take away the rules altogether the NAT stops working and no traffic is forwarded.

In case you are wondering, the WAN in my setup is just another internal network and hence the use of private addresses.

Thanks for any help.

Ted
